Chapter 12 PowerPoint Slides



  1. Database Administration and Security Transparencies
  2. Objectives
       • The distinction between data administration and database administration.
       • The purpose and tasks associated with data administration and database administration.
       • The scope of database security.
       • Why database security is a serious concern for an organization.
       • The type of threats that can affect a database system.
       • How to protect a computer system using computer-based controls.
     ©Pearson Education 2009
  3. Data administration and database administration
       • Data Administrator (DA) and Database Administrator (DBA) are responsible for managing and controlling activities associated with corporate data and corporate database, respectively.
       • DA is more concerned with early stages of lifecycle and DBA is more concerned with later stages.
  4. Data administration
       • Management and control of corporate data, including:
           • database planning;
           • development and maintenance of standards, policies, and procedures;
           • conceptual and logical database design.
  5. Data administration tasks
  6. Database administration
       • Management and control of physical realization of a database system, including:
           • physical database design and implementation;
           • setting security and integrity controls;
           • monitoring system performance;
           • reorganizing the database.
  7. Database administration tasks
  8. Comparison of data and database administration
  9. Database security
       • Mechanisms that protect the database against intentional or accidental threats.
       • Security considerations apply not only to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database.
       • Includes hardware, software, people, and data.
       • The growing importance of security is due to the increasing amounts of crucial corporate data being stored on computer.
  10. Examples of threats and possible outcomes
  11. Summary of threats to computer systems
  12. Database security
       • A threat is any situation or event, whether intentional or unintentional, that may adversely affect a system and consequently the organization.
       • Outcomes to avoid:
           • theft and fraud,
           • loss of confidentiality (secrecy),
           • loss of privacy,
           • loss of integrity,
           • loss of availability.
  13. Typical multi-user computer environment
  14. Database security
       • Computer-based countermeasures include:
           • authorization,
           • views,
           • backup and recovery,
           • integrity,
           • encryption,
           • redundant array of independent disks (RAID).
  15. Countermeasures - computer-based controls
       • Authorization
           • The granting of a right or privilege that enables a subject to have legitimate access to a database system or a database system’s object.
       • Authentication
           • A mechanism that determines whether a user is who he or she claims to be.
       • Privilege
           • A right granted by one user to allow another user or group of users access to a database system or an object in the database system.
  16. Countermeasures - computer-based controls
       • Views
           • A view is a virtual table that does not necessarily exist in the database but can be produced upon request by a particular user, at the time of request.
       • Backup and recovery
           • Process of periodically taking a copy of the database and log file (and possibly programs) onto offline storage media.
  17. Countermeasures - computer-based controls
       • Journaling
           • Process of keeping and maintaining a log file (or journal) of all changes made to database to enable recovery to be undertaken effectively in the event of failure.
       • Backup window
           • The time period during which the database can be backed up.
  18. Countermeasures - computer-based controls
       • Integrity
           • Prevents data from becoming invalid, and hence giving misleading or incorrect results.
       • Encryption
           • Encoding the data by a special algorithm that renders the data unreadable by any program without the decryption key.
  19. Countermeasures - computer-based controls
       • RAID
           • A set or array of physical disk drives that appear to the database user (and programs) as if they form one large physical storage.
           • Hardware that the DBMS runs on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
  20. Network security architecture: three-tier database system architecture
  21. Countermeasures - network security
       • Network security is the protection of servers from intruders.
       • A firewall is a server or router with two or more network interfaces and special software that filters or selectively blocks messages traveling between networks.
       • A De-Militarized Zone (DMZ) is a special, restricted network that is established between two firewalls.
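
The authorization, privilege, view and integrity controls defined on slides 15, 16 and 18, shown working together. This is an added example and is not part of the original slides; it assumes PostgreSQL, and every table, view and role name is hypothetical.

```sql
-- Added example; all object and role names are hypothetical.
-- Written for PostgreSQL; role syntax differs between DBMSs.

-- Integrity: constraints stop invalid rows from being stored.
CREATE TABLE staff (
    staff_no   CHAR(5)       PRIMARY KEY,
    name       VARCHAR(50)   NOT NULL,
    branch_no  CHAR(4)       NOT NULL,
    salary     NUMERIC(9, 2) NOT NULL CHECK (salary >= 0)
);

-- View: a virtual table produced at request time. This one leaves out
-- the salary column and every row that belongs to another branch.
CREATE VIEW staff_b001 AS
    SELECT staff_no, name, branch_no
    FROM staff
    WHERE branch_no = 'B001';

-- Authorization: roles are the subjects that receive privileges.
CREATE ROLE branch_clerk NOLOGIN;
CREATE ROLE payroll      NOLOGIN;

-- Start from no access, then grant only what each duty needs.
REVOKE ALL ON staff, staff_b001 FROM PUBLIC;
GRANT SELECT ON staff_b001 TO branch_clerk;          -- view only
GRANT SELECT, UPDATE (salary) ON staff TO payroll;   -- base table

-- Exercise the clerk's access (run as the owner or a superuser).
SET ROLE branch_clerk;
SELECT * FROM staff_b001;   -- reads go through the view
-- branch_clerk holds no privilege on staff itself, so the salary
-- column is reachable only by roles granted access to the base table.
RESET ROLE;

-- A privilege can be withdrawn again when a duty changes.
REVOKE UPDATE (salary) ON staff FROM payroll;
```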